what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2020-27781

Status Candidate

Overview

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Related Files

Ubuntu Security Notice USN-5128-1
Posted Nov 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5128-1 - Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. This issue only affected Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-27781, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
MD5 | 2995b9f052f1682434589f2a69919ada
Ubuntu Security Notice USN-4998-1
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4998-1 - It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
MD5 | aaf79671e90a09e457296e6fb1347c4f
Gentoo Linux Security Advisory 202105-39
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288
MD5 | d9c394d2cb2d7f6645bb6b9ed70f12a0
Red Hat Security Advisory 2021-1518-01
Posted May 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1518-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Issues addressed include denial of service and server-side request forgery vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12059, CVE-2020-13379, CVE-2020-27781, CVE-2021-3139
MD5 | 5234043a38a80006820de27e3f3818c6
Red Hat Security Advisory 2021-0081-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0081-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules provided as shared objects to support different file systems and name-spaces.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25660, CVE-2020-25677, CVE-2020-27781
MD5 | c068aca7baa10eb0923b7197118e8e69
Page 1 of 1
Back1Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close